2

I'm sure this is simple, but Google is not my friend this morning.

The goal is:

/public... is openly accessible

everything else (including /) requires basic auth.

This is a WSGI app, with a single WSGI script (it's a django site, if that matters..)

I have this:

<Location /public>
  Order deny,allow
  Allow from all
</Location>
<Directory />
  AuthType Basic
  AuthName "My Test Server"
  AuthUserFile /path/to/.htpasswd
  Require valid-user
</Directory>

With this configuration, basic auth works fine, but the Location directive is totally ignored. I'm not surprised, as according to this (see How the Sections are Merged), the Directory directive is processed first.

I'm sure I'm missing something, but since Directory applies to a filesystem location, and I really only have the one Directory at /, and it's a Location that I wish to allow access to, but Directory always overrides Location...

EDIT

I'm using Apache 2.2, which doesn't support AuthType None.

Chris Lawlor
  • 181
  • 1
  • 6

2 Answers2

2

For Apache 2.0, set AuthType None within your <Location /public> stanza:

<Location /public>
  AuthType None
  Order deny,allow
  Allow from all
</Location>

http://httpd.apache.org/docs/trunk/mod/mod_authn_core.html#AuthType

beans
  • 1,550
  • 13
  • 16
2

For Apache 2.2 (and probably others in the 2 series older than 2.3):

<Location /public>
  Satisfy any
  Allow from all
</Location>
<Location />
  AuthType Basic
  AuthName "My Test Server"
  AuthUserFile /path/to/.htpasswd
  Require valid-user
</Location>
Chris Lawlor
  • 181
  • 1
  • 6
  • This doesn't work - I still get the auth box on the location I am trying to remove it from. I hate Apache so much... –  Sep 18 '12 at 16:37